Computer storage is often classified as either primary or secondary. Primary storage refers to volatile memory into which instructions and other data may be loaded for subsequent execution or processing. For example, in a personal computer (PC), instructions and other data are stored in primary storage for quick access by the computer's central processing unit (CPU). Because of the volatile nature of primary storage, instructions and other data are lost when the power supply to the PC is removed. An example of primary storage is random access memory (RAM). Secondary storage refers to non-volatile memory, which is used to store information for extended periods. For example, a computer user may desire to keep pictures and videos permanently, which is possible with secondary storage by taking advantage of the non-volatile nature that allows data to remain even when the power supply is removed. Typical examples of secondary storage include flash memory, hard disk drives (HDD), and solid state drives (SSD).
A host processor, such as a CPU, has access to both types of computer storage. However, since there is no mechanism to restrict the CPU from accessing certain areas of secondary storage, viruses, spyware, or other malicious programs may cause the CPU to access data stored in secondary storage without a computer user's permission or intention, and thereby corrupt data that may be important to the computer user or to the operation of the computer. For example, since the CPU typically loads an operating system from secondary storage, a virus may corrupt files critical to booting the operating system, thereby preventing the operating system from starting. The virus may also corrupt recovery files pre-installed by the manufacturer of the computer, thereby preventing a computer user from reformatting the computer to initial factory settings. The virus may further corrupt sensitive data, such as tax documents, or pictures and video data, and may render such data inaccessible to the computer user.
Some solutions exist to reduce the chance of viruses or spyware accessing secondary storage. For example, many computer users find it useful to partition secondary storage using a user interface within an operating system and may separately store sensitive data on one partition and non-sensitive data on another. As another example, many computer users may want to install one operating system on one partition and either a different version of the operating system or a different operating system on the other partition in order to associate virus-prone activity with one partition and not the other partition. However, the CPU still has access to all of the partitions in secondary storage, and thus the CPU may allow a virus to read, alter, or destroy data within the partitions. Even using the Basic Input/Output System (BIOS) to partition secondary storage cannot prevent the spread of viruses, since the BIOS may be manipulated to maliciously affect the CPU, which in turn affects data stored in all partitions in secondary storage.
Computer users may also use additional computers and designate them for secure secondary storage purposes. For example, one computer may be designated for web browsing, and another computer may be designated for storing sensitive data. However, using additional computers can be costly and inconvenient for the computer user, and still does not restrict the CPU of each computer from accessing secondary storage.
Other users may find using virtual machines useful. A virtual machine is a software-based solution that can provide several isolated computing environments. If a computer user installs virtual machine software on a host PC, several guest operating systems can be accessed, via the several isolated computing environments, through the host operating system running on the host PC. Each operating system can access logical addresses of secondary storage physically installed in the host PC, and the isolated nature of each computing environment may ensure that applications running within an operating system cannot interfere with other operating systems running on the host PC. This may appear to protect designated logical addresses of secondary storage from viruses. However, a virtual machine on the host PC may still be vulnerable to viruses, and may provide viruses access to all computing environments associated with the virtual machine, and thus to all logical addresses of secondary storage associated with each computing environment. In addition, running a virtual machine on the host PC that provides several isolated computing environments may require more CPU processing power than a host PC not running a virtual machine. Further, the concept or usage of virtual machines may deter an ordinary computer user from adopting virtual machine software.
Thus, there is a need for a simpler and more powerful hardware-based apparatus independent of the CPU and a method thereof that configures secondary storage into at least two virtual areas such that the CPU accesses the at least two virtual areas as if accessing at least two physical secondary storage units and that also prevents the CPU from accessing all regions of each virtual area unless given proper permissions.
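As an added illustration (not code from this document, and not the apparatus's actual design), the following C model shows the kind of check such a CPU-independent gate would apply to each block request: a per-area bounds check followed by a default-deny region permission lookup. The two-area layout, permission bits, return codes, and every name in it are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model: all names, sizes and codes below are constructed for illustration. */
enum { PERM_READ = 1, PERM_WRITE = 2 };
enum { GATE_OK = 0, GATE_BAD_AREA = -1, GATE_OUT_OF_RANGE = -2, GATE_DENIED = -3 };

struct region { uint64_t first, count; unsigned perms; };  /* LBAs relative to the area */
struct varea  { uint64_t phys_base, size; const struct region *regions; size_t nregions; };

/* Constructed layout: one physical device presented as two virtual areas. */
static const struct region area0_regions[] = {
    { 0,    2048, PERM_READ },               /* boot and recovery files: read-only */
    { 2048, 8192, PERM_READ | PERM_WRITE },  /* user data */
};
static const struct region area1_regions[] = {
    { 0, 4096, PERM_READ | PERM_WRITE },     /* LBAs 4096..8191 are unlisted: no access */
};
static const struct varea areas[] = {
    { 0,     10240, area0_regions, 2 },
    { 10240, 8192,  area1_regions, 1 },
};

/* Check one request (area, lba, nblocks, op); on success store the physical LBA in *phys. */
int gate_translate(unsigned area, uint64_t lba, uint64_t nblocks, unsigned op, uint64_t *phys)
{
    if (area >= sizeof areas / sizeof areas[0]) return GATE_BAD_AREA;
    const struct varea *a = &areas[area];
    /* Overflow-safe bounds check: a request can never run past its own area. */
    if (nblocks == 0 || lba >= a->size || nblocks > a->size - lba) return GATE_OUT_OF_RANGE;
    for (size_t i = 0; i < a->nregions; i++) {
        const struct region *r = &a->regions[i];
        /* The whole request must fit inside a single region. */
        if (lba >= r->first && lba - r->first < r->count &&
            nblocks <= r->count - (lba - r->first)) {
            if (op == 0 || (r->perms & op) != op) return GATE_DENIED;
            *phys = a->phys_base + lba;
            return GATE_OK;
        }
    }
    return GATE_DENIED;  /* default deny: unlisted blocks or a request spanning regions */
}

int main(void) {
    uint64_t p = 0;
    /* A read that overruns the end of area 1 is refused rather than reaching other blocks. */
    printf("overrun past area 1: %d\n", gate_translate(1, 8190, 4, PERM_READ, &p));
    return 0;
}
```

Because the host only ever supplies an area number and an area-relative address, the bounds check keeps a request in one area from resolving to blocks that belong to the other, which a partition table alone does not enforce.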